CLA Cybersecurity Alert: Microsoft Email Server Attack Update
Reach out to CLA’s cybersecurity team. We can help you identify appropriate steps needed to decrease the risk this attack can have to your organization.
Brief summary: On March 2, Microsoft first announced a series of vulnerabilities that enabled hackers to break into the company’s Exchange email, calendar programs, and in some cases integrated voice messaging. China — among others — has allegedly used this vulnerability to spy on a wide range of industries in the United States ranging from medical research to law firms to defense contractors.
The tally of customers affected by this breach is estimated to be at least in the tens of thousands, with many victims assessed to be small and mid-sized organizations. Alarmingly, authorities have verified that victims range from small companies to large multinational organization. In short, this breach represents a significant risk for any client with a public-facing internet presence.
“A White House National Security Council spokesperson said in an emailed statement that the Biden administration ‘is undertaking a whole-of-government response to assess and address the impact.’
“This is an active threat still developing,” the spokesperson said. (Source: NBC News)
Why does this matter to you: This latest national headline follows on the heels of the December 13, 2020 announcement regarding a massive, persistent data breach initially referred to as the ‘SolarWinds Hack.’ These two events alone are driving significant international news coverage around cybersecurity and the threat of persistent malicious actors in cyberspace.
Action:
- If you have not done so already, please update your software immediately. ‘Patching’ is critical; however, you should ALSO check as soon as possible for indicators of compromise. If you have been hacked, there is a possibility that pieces of malicious code attackers implant on web servers allowing them remote access and code execution to server functions may already be in place for ongoing or later attacks on the network. In many cases, detection requires the services of a professional cybersecurity team.
- CLA’s professionals can assist with:
- Incident response, triage, isolation of malware or remote access, and “clean-up.”
- Penetration testing and an overall security assessment to help safeguard against a multitude of attack vectors that could affect your operations (ransomware, malware, and theft of sensitive information on business operations or patient/client/student/customer data).
Takeaway:
- Every organization with digital infrastructure that touches the internet or other networks is at risk. Regardless of your size or industry, your computers and systems are being probed daily for weaknesses and are at a high likelihood of being breached by malicious actors. The only difference? Whether the company is aware of and catching the attacks.
- CLA offers a wide variety of cybersecurity services to assist you:
- Cyber risk and control strategy and design
- Pre-emptive security assessment and testing
- Post-attack assessment and remediation
- Holistic assessment of client’s end-to-end digital infrastructure
- Training to assist leadership and employees in minimizing further threats
CLA remains committed delivering a seamless experience for our clients, especially when it comes to defending your incredibly valuable intellectual property, customer data, and proprietary information. Please reach out so we can help assess your current needs and recommend a way forward for you to help safeguard your critical operations.
If you have further questions, reach out to CLA or Frank Nemia, francis.nemia@CLAconnect.com, 617-901-5788.
Kadian currently works with the Information Security Services Group as well as higher education group providing compliance services, outsourcing and co-sourcing engagements and information security assessments.
Comments are closed.